>= 4.1.0, < 4.4.39
| Severity | Score | Advisory | Affected versions |
|---|---|---|---|
| CRITICAL | 9.8 | CVE-2017-16558 Contao SQL injection in the backend and listing module | >= 4.0.0, < 4.4.8 |
| CRITICAL | 9.8 | Contao Does Not Invalidate Existing Sessions When Password Changes | >= 4.0.0, < 4.4.37 |
| CRITICAL | 9.8 | Contao Does Not Expire Tokens Correctly | >= 4.7.0, < 4.7.3 |
| HIGH | 8.8 | Contao CSRF Token Bypass | >= 4.7.0, < 4.7.3 |
| HIGH | 8.8 | Contao Core directory traversal vulnerability | >= 4.0.0, < 4.4.1 |
| HIGH | 8.8 | Unrestricted file uploads in Contao | >= 4.0.0, < 4.4.46 |
| HIGH | 8.3 | Contao affected by remote command execution through file upload | >= 4.0.0, < 4.13.49 |
| HIGH | 8.3 | Contao: Possible cookie sharing with external domains while checking protected pages for broken links | >= 4.9.0, < 4.13.40 |
| HIGH | 8.0 | Privilege escalation via form generator | >= 4.0.0, < 4.4.56 |
| HIGH | 7.2 | Cross site scripting via canonical tag in Contao | >= 4.13.0, < 4.13.3 |
| MEDIUM | 6.7 | PHP file inclusion via insert tags | >= 4.0.0, < 4.4.56 |
| MEDIUM | 6.6 | Contao is vulnerable to remote code execution in template closures | >= 4.0.0, < 4.13.57 |
| MEDIUM | 6.6 | Cross site scripting via input unit widget | >= 4.0.0, < 4.9.42 |
| MEDIUM | 6.1 | Cross-site Scripting in Contao | >= 4.0.0, < 4.4.18 |
| MEDIUM | 6.1 | Cross site scripting in the system log | >= 4.5.0, < 4.9.16 |
| MEDIUM | 5.9 | Contao: Remember-me tokens will not be cleared after a password change | from 0, < 4.13.40 |
| MEDIUM | 5.9 | Cross site scripting via HTML attributes in the back end | >= 4.0.0, < 4.4.56 |
| MEDIUM | 5.4 | Contao: Cross site scripting in the file manager | >= 4.0.0, < 4.13.40 |
| MEDIUM | 5.3 | Contao can disclose sensitive information in the news module | >= 5.0.0-RC1, < 5.3.38 |
| MEDIUM | 5.3 | Contao discloses sensitive information in the front end search index | >= 4.9.14, < 4.13.56 |
| MEDIUM | 5.3 | Contao affected by insert tag injection via canonical URL | >= 4.13.0, < 4.13.49 |
| MEDIUM | 5.3 | Contao Insert tag injection in forms | >= 4.0.0, < 4.4.52 |
| MEDIUM | 5.3 | Insert tag injection in the Contao login module | >= 4.8.4, < 4.8.6 |
| MEDIUM | 5.3 | Information disclosure in the Contao backend | >= 4.0.0, < 4.4.46 |
| MEDIUM | 4.3 | Contao does not properly manage privileges for page and article fields | >= 5.3.0, < 5.3.38 |
| MEDIUM | 4.3 | Contao applies improper access control in the back end voters | >= 5.0.0, < 5.3.38 |
| MEDIUM | 4.3 | Contao affected by directory traversal in the file selector widget | from 0, < 4.13.49 |
| LOW | 3.3 | Contao is vulnerable to cross-site scripting in templates | >= 4.0.0, < 4.13.57 |
| LOW | 3.1 | Contao: Unencoded insert tags in the frontend | >= 4.0.0, < 4.13.40 |
| — | — | Contao Vulnerable to Cross-Site Scripting (XSS) through SVG uploads | >= 4.0.0, < 4.13.54 |